diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c
index 9a5e8b74ac..03af9aacd4 100644
--- a/src/feature/relay/router.c
+++ b/src/feature/relay/router.c
@@ -2066,8 +2066,17 @@ router_build_fresh_routerinfo(routerinfo_t **ri_out)
 
   ri->declared_family = get_my_declared_family(options);
 
-  ri->purpose =
-    options->BridgeRelay ? ROUTER_PURPOSE_BRIDGE : ROUTER_PURPOSE_GENERAL;
+  if (options->BridgeRelay) {
+    ri->purpose = ROUTER_PURPOSE_BRIDGE;
+    /* Bridges shouldn't be able to send their descriptors unencrypted,
+     anyway, since they don't have a DirPort, and always connect to the
+     bridge authority anonymously.  But just in case they somehow think of
+     sending them on an unencrypted connection, don't allow them to try. */
+    ri->cache_info.send_unencrypted = 0;
+  } else {
+    ri->purpose = ROUTER_PURPOSE_GENERAL;
+    ri->cache_info.send_unencrypted = 1;
+  }
 
   goto done;
 
@@ -2090,6 +2099,7 @@ static extrainfo_t *
 router_build_fresh_extrainfo(const routerinfo_t *ri)
 {
   extrainfo_t *ei = NULL;
+  const or_options_t *options = get_options();
 
   if (BUG(!ri))
     return NULL;
@@ -2097,7 +2107,7 @@ router_build_fresh_extrainfo(const routerinfo_t *ri)
   /* Now generate the extrainfo. */
   ei = tor_malloc_zero(sizeof(extrainfo_t));
   ei->cache_info.is_extrainfo = 1;
-  strlcpy(ei->nickname, get_options()->Nickname, sizeof(ei->nickname));
+  strlcpy(ei->nickname, options->Nickname, sizeof(ei->nickname));
   ei->cache_info.published_on = ri->cache_info.published_on;
   ei->cache_info.signing_key_cert =
     tor_cert_dup(get_master_signing_key_cert());
@@ -2105,6 +2115,13 @@ router_build_fresh_extrainfo(const routerinfo_t *ri)
   memcpy(ei->cache_info.identity_digest, ri->cache_info.identity_digest,
          DIGEST_LEN);
 
+  if (options->BridgeRelay) {
+    /* See note in router_build_fresh_routerinfo(). */
+    ei->cache_info.send_unencrypted = 0;
+  } else {
+    ei->cache_info.send_unencrypted = 1;
+  }
+
   return ei;
 }
 
@@ -2275,10 +2292,6 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e)
   if (result < 0)
     goto err;
 
-  /* TODO: fold into router_update_extrainfo_descriptor_body() and
-   * router_update_routerinfo_descriptor_body() ? */
-  router_update_info_send_unencrypted(ri, ei);
-
   if (ei) {
      if (BUG(routerinfo_incompatible_with_extrainfo(ri->identity_pkey, ei,
                                                     &ri->cache_info, NULL))) {